migration: don't close a file descriptor while it can be in use

If we close the QEMUFile descriptor in process_incoming_migration_co() while it has been stopped by an error, the postcopy_ram_listen_thread() can try to continue to use it. And as the memory has been freed it is working with an invalid pointer and crashes. Fix this by releasing the memory after having managed the error case (which, in fact, calls exit()) Signed-off-by: Laurent Vivier <[email protected]> Reviewed-by: Dr. David Alan Gilbert <[email protected]> Reviewed-by: Juan Quintela <[email protected]> Reviewed-by: Amit Shah <[email protected]> Reviewed-by: Stefan Hajnoczi <[email protected]> Signed-off-by: Juan Quintela <[email protected]>
zhoulunhao · Apr 21, 2017 · e8199e4 · e8199e4
1 parent 66103a5
commit e8199e4
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/migration/migration.c b/migration/migration.c
@@ -435,9 +435,6 @@ static void process_incoming_migration_co(void *opaque)
         qemu_thread_join(&mis->colo_incoming_thread);
     }
 
-    qemu_fclose(f);
-    free_xbzrle_decoded_buf();
-
     if (ret < 0) {
         migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE,
                           MIGRATION_STATUS_FAILED);
@@ -446,6 +443,9 @@ static void process_incoming_migration_co(void *opaque)
         exit(EXIT_FAILURE);
     }
 
+    qemu_fclose(f);
+    free_xbzrle_decoded_buf();
+
     mis->bh = qemu_bh_new(process_incoming_migration_bh, mis);
     qemu_bh_schedule(mis->bh);
 }